app-dev
Audited by Socket on Mar 3, 2026
1 alert found:
Malware
This SKILL.md is a prescriptive developer/enforcement skill for Freshworks Platform 3.0 app generation. It does not contain code that directly exfiltrates credentials, spawns reverse shells, performs eval/exec, or calls suspicious domains. Main risks are operational and supply-chain: (1) the skill allows the agent to run shell commands (npx, fdk validate) and autonomously modify the workspace, which grants high local privileges and can be dangerous if the agent or any installed templates are malicious; (2) it references standard external sources (GitHub, jsDelivr) which are legitimate but are supply-chain trust points. The guidance itself emphasizes secure handling of secrets and forbids dangerous code patterns, which is positive. Overall, I find no direct malicious behavior in the provided document, but caution is warranted around granting shell access and installing third-party templates without verification.